The General Data Protection Regulation (GDPR) is the new regulation on personal data protection that unifies data protection laws across the entire European Union.
The GDPR applies to all businesses handling EU citizens’ data, which means that every business in the world that is in possession of personal data of EU citizens is obligated to comply with it.
Penalties for non-compliance are 4% of the company’s annual revenues or up to 20 million euros.
The GDPR is effective from 25 May 2018.
It describes strict requirements for companies and organizations on collecting, storing, processing and managing personal data.
To make sure you are GDPR compliant, you need to have control over the following areas:
- Accountability and governance
- Data security
- Lawful basis and transparency
- Privacy rights